=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (openstack-nova) security update
Advisory ID:       RHSA-2023:1278-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1278
Issue date:        2023-03-15
CVE Names:         CVE-2022-47951
=====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack
Platform.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch
Red Hat OpenStack Platform 16.1 - noarch
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both hardware
and hypervisor agnostic, currently supporting a variety of standard
hardware configurations and seven major hypervisors.

Security Fix(es):

* Arbitrary file access through custom VMDK flat descriptor
(CVE-2022-47951)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161812 - CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor

6. Package List:

Red Hat OpenStack Platform 13.0 - ELS:

Source:
python-oslo-utils-3.35.1-5.el7ost.src.rpm

noarch:
python-oslo-utils-lang-3.35.1-5.el7ost.noarch.rpm
python2-oslo-utils-3.35.1-5.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:
openstack-nova-17.0.13-40.el7ost.src.rpm
python-oslo-utils-3.35.1-5.el7ost.src.rpm

noarch:
openstack-nova-17.0.13-40.el7ost.noarch.rpm
openstack-nova-api-17.0.13-40.el7ost.noarch.rpm
openstack-nova-cells-17.0.13-40.el7ost.noarch.rpm
openstack-nova-common-17.0.13-40.el7ost.noarch.rpm
openstack-nova-compute-17.0.13-40.el7ost.noarch.rpm
openstack-nova-conductor-17.0.13-40.el7ost.noarch.rpm
openstack-nova-console-17.0.13-40.el7ost.noarch.rpm
openstack-nova-migration-17.0.13-40.el7ost.noarch.rpm
openstack-nova-network-17.0.13-40.el7ost.noarch.rpm
openstack-nova-novncproxy-17.0.13-40.el7ost.noarch.rpm
openstack-nova-placement-api-17.0.13-40.el7ost.noarch.rpm
openstack-nova-scheduler-17.0.13-40.el7ost.noarch.rpm
openstack-nova-serialproxy-17.0.13-40.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-17.0.13-40.el7ost.noarch.rpm
python-nova-17.0.13-40.el7ost.noarch.rpm
python-nova-tests-17.0.13-40.el7ost.noarch.rpm
python-oslo-utils-lang-3.35.1-5.el7ost.noarch.rpm
python2-oslo-utils-3.35.1-5.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:
openstack-nova-17.0.13-40.el7ost.src.rpm
python-oslo-utils-3.35.1-5.el7ost.src.rpm

noarch:
openstack-nova-17.0.13-40.el7ost.noarch.rpm
openstack-nova-api-17.0.13-40.el7ost.noarch.rpm
openstack-nova-cells-17.0.13-40.el7ost.noarch.rpm
openstack-nova-common-17.0.13-40.el7ost.noarch.rpm
openstack-nova-compute-17.0.13-40.el7ost.noarch.rpm
openstack-nova-conductor-17.0.13-40.el7ost.noarch.rpm
openstack-nova-console-17.0.13-40.el7ost.noarch.rpm
openstack-nova-migration-17.0.13-40.el7ost.noarch.rpm
openstack-nova-network-17.0.13-40.el7ost.noarch.rpm
openstack-nova-novncproxy-17.0.13-40.el7ost.noarch.rpm
openstack-nova-placement-api-17.0.13-40.el7ost.noarch.rpm
openstack-nova-scheduler-17.0.13-40.el7ost.noarch.rpm
openstack-nova-serialproxy-17.0.13-40.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-17.0.13-40.el7ost.noarch.rpm
python-nova-17.0.13-40.el7ost.noarch.rpm
python-nova-tests-17.0.13-40.el7ost.noarch.rpm
python-oslo-utils-lang-3.35.1-5.el7ost.noarch.rpm
python2-oslo-utils-3.35.1-5.el7ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:
openstack-nova-20.4.1-1.20221005193231.1ee93b9.el8ost.src.rpm
python-oslo-utils-3.41.6-1.20230130153634.f4deaad.el8ost.src.rpm

noarch:
openstack-nova-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-api-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-common-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-compute-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-conductor-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-console-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-migration-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-novncproxy-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-scheduler-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-serialproxy-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
python-oslo-utils-lang-3.41.6-1.20230130153634.f4deaad.el8ost.noarch.rpm
python3-nova-20.4.1-1.20221005193231.1ee93b9.el8ost.noarch.rpm
python3-oslo-utils-3.41.6-1.20230130153634.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:
openstack-nova-20.6.2-2.20221005185231.6786e96.el8ost.src.rpm
python-oslo-utils-3.41.6-2.20230130154947.f4deaad.el8ost.src.rpm

noarch:
openstack-nova-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-api-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-common-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-compute-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-conductor-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-console-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-migration-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-novncproxy-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-scheduler-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-serialproxy-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
python-oslo-utils-lang-3.41.6-2.20230130154947.f4deaad.el8ost.noarch.rpm
python3-nova-20.6.2-2.20221005185231.6786e96.el8ost.noarch.rpm
python3-oslo-utils-3.41.6-2.20230130154947.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:
python-oslo-utils-3.41.6-1.20230130153634.f4deaad.el8ost.src.rpm

noarch:
python-oslo-utils-lang-3.41.6-1.20230130153634.f4deaad.el8ost.noarch.rpm
python3-oslo-utils-3.41.6-1.20230130153634.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:
python-oslo-utils-3.41.6-2.20230130154947.f4deaad.el8ost.src.rpm

noarch:
python-oslo-utils-lang-3.41.6-2.20230130154947.f4deaad.el8ost.noarch.rpm
python3-oslo-utils-3.41.6-2.20230130154947.f4deaad.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-47951
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.